Android botnet sending millions of copied texts to Korea and China

Posted 19 December 2013 - 04:00 PM

A malicious botnet has been uncovered by security researchers. The software sends copies of users' SMS' to email addresses believed to be registered in Korea and China.

Named MicroSMS, it infects Android devices by pretending to be a settings app called 'Google Vx'. Once in place it then asks for administrative rights and, if granted them, steals the contents of SMS messages and sends them to a third party.

In a blog post, security firm FireEye wrote: "Some SMS-stealing malware sends the contents of users SMS messages by forwarding the messages over SMS to phone number under the attacker's control. Others send the stolen messages to a CnC server over TCP connections. The malicious app, by contrast, sends the stolen SMS messages to the attacker's email address of an SMTP connection."

All apps compromised

The post went on to say that MicroSMS is one the largest mobile botnets that leverages modern technology and infrastructure. The discovery, it claims, highlights the importance of mobile protection and the quickly changing landscape of security threats.

The company claims that many of the email addresses which receive the SMS messages are being accessed from mainland China and Korea. FireEye is working with law enforcement agencies to get the email; accounts shut down and says there is no evidence yet of new accounts springing up in their place.

It was revealed earlier this year that all of the top 100 paid Android apps and 56 per cent of top 100 paid iOS apps available as 'cracked' versions had been compromised.

The widespread use of cracked apps represents a real danger for both individuals and companies, given the explosion of smartphone and tablet use in the workplace and home, says mobile security firm Arxan.